Cisco Registered Envelope Service CVE-2017-3889 Open Redirection Vulnerability

Cisco Registered Envelope Service is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.

This issue is being tracked by Cisco Bug ID CSCvc60123.


Bugtraq ID: 97433
Class: Input Validation Error
CVE: CVE-2017-3889

Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Credit: Jim Guma
Vulnerable: Cisco Registered Envelope Service 5.1.0-015

Not Vulnerable:


An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Related Posts